(12) Patent Application Publication    (10) Pub. No.: US 2013/0232083 A1
SMITH et al.    (43) Pub. Date: Sep. 5, 2013

(54) SYSTEMS AND METHODS FOR MAPPING A MOBILE CLOUD ACCOUNT TO A PAYMENT ACCOUNT

(71) Applicant: MasterCard International Incorporated, (US)

(72) Inventors: Theresa L. SMITH, Park Street (GB); John M. Mwangi, White Plains, NY (US); Christina E. Sheppard, Mamaroneck, NY (US)

(73) Assignee: MasterCard International Incorporated, Purchase, NY (US)

(21) Appl. No.: 13/782,111

(22) Filed: Mar. 1, 2013

Related U.S. Application Data

(60) Provisional application No. 61/605,588, filed on Mar. 1, 2012.

Publication Classification

(51) Int. Cl.
     G06Q 20/32 (2012.01)
(52) U.S. Cl.
     CPC G06Q 20/3278 (2013.01)
     USPC 705/67
(57) ABSTRACT

A method for processing a financial transaction using a mobile cloud account mapped to a payment account includes: storing, in a mapping database, a plurality of mapping records, each mapping record including a master key identifier, a mobile cloud account number (MCA), and a real card account number (RCA), the MCA being based on attributes of the RCA; receiving transaction data related to a financial transaction, wherein the transaction data includes at least an MCA and a payment cryptogram; validating, by a validation device, the payment cryptogram; identifying, in the mapping database, a specific mapping record, wherein the specific mapping record includes the MCA included in the received transaction data; and transmitting at least the RCA included in the specific mapping record and a validation result indicating a success or failure of the validation of the payment cryptogram.
`
[Front-page drawing: Mobile Device, Contactless Point of Sale Terminal, Acquirer, Payment Network, Issuer, Mobile Cloud Service Provider, Clearing Service.]

[Drawing sheets 1 to 14 of 14: Sheet 1, FIG. 1; Sheet 2, FIG. 2; Sheet 3, FIG. 3 (Master Key Identifier Provisioning Flow); Sheets 4 and 5, FIGS. 4A and 4B (Mobile Cloud Account Number (MCA) Provisioning Flow); Sheet 6, FIG. 5; Sheet 7, FIG. 6 (Mobile Cloud Account Number (MCA) Contactless Payment Transaction Flow); Sheet 8, FIG. 7; Sheet 9, FIG. 8; Sheet 10, FIG. 9; Sheet 11, FIG. 10; Sheet 12, FIG. 11; Sheet 13, FIG. 12; Sheet 14, FIG. 13.]
`
SYSTEMS AND METHODS FOR MAPPING A MOBILE CLOUD ACCOUNT TO A PAYMENT ACCOUNT

RELATED APPLICATIONS

[0001] This application claims the priority benefit of commonly assigned U.S. Provisional Application No. 61/605,588, filed Mar. 1, 2012, entitled “Systems and Methods for Mapping a Mobile Cloud Account to a Payment Account,” by Theresa L. Smith et al., which is herein incorporated by reference in its entirety.

FIELD

[0002] The present disclosure relates to the mapping of a mobile cloud account to a payment account, specifically using a mobile cloud account to conduct contactless payment transactions without modification to legacy issuer processing systems.
`
BACKGROUND

[0003] Advances in mobile and communication technologies have created tremendous opportunities, one of which is providing users of mobile computing devices, such as smart phones, the ability to conduct payment transactions using their mobile computing device. One approach to enable mobile computing devices to conduct payment transactions is through the use of near field communication (NFC) technology to securely transmit payment credentials from the mobile device to a contactless terminal. In many instances, a secure element chip included as part of the mobile device is utilized.

[0004] However, many payment account issuers utilize systems that are not configured to process contactless payment transactions. As a result, many payment account holders who possess NFC-capable mobile devices may not be able to take advantage of the convenient NFC technology. This may negatively affect not only the account holder, who is unable to conduct a contactless transaction using their mobile device, but also the account issuer, who may lose the business of the account holder should he or she choose to switch to an issuer capable of processing contactless transactions.

[0005] Thus, there is a need for a technical solution to facilitating the conducting of contactless payment transactions on a mobile device that does not require significant changes to legacy issuer processing systems.
`
SUMMARY

[0006] The present disclosure provides a description of systems and methods for mapping a mobile cloud account to a payment account, and the processing of financial transactions based therein.

[0007] A method for mapping a payment account to a mobile cloud account number includes: generating, by a generating device, an integrated circuit card (ICC) RSA key pair including an ICC public key and an ICC private key; generating, by the generating device, an ICC master key based on at least a master key identifier; transmitting, by a transmitting device, the ICC public key, the ICC private key, the ICC master key, and the master key identifier to a mobile device for storage in a secure element; receiving, by a receiving device, a real card account number (RCA) corresponding to a payment account; identifying, by a processing device, attributes of the RCA; identifying, by the processing device, a mobile cloud account number (MCA) based on the attributes of the RCA; receiving, by the receiving device, an issuer private key and an issuer private key certificate; generating, by the generating device, an ICC public key certificate based on certification of the ICC public key by the issuer private key; creating, by the processing device, a post issuance script configured to store mobile cloud account data in the secure element of the mobile device, wherein the mobile cloud account data includes at least the issuer public key certificate, the MCA, and the ICC public key certificate; transmitting, by the transmitting device, the created post issuance script to the mobile device; and storing, in a mapping database, a mapping record, wherein the mapping record includes at least the master key identifier, the MCA, and the RCA.
`
[0008] A method for processing a financial transaction includes: storing, in a mapping database, a plurality of mapping records, wherein each mapping record includes at least a master key identifier, a mobile cloud account number (MCA), and a real card account number (RCA), and wherein the MCA is based on attributes of the RCA; receiving, by a receiving device, transaction data related to a financial transaction, wherein the transaction data includes at least an MCA and a payment cryptogram; validating, by a validation device, the payment cryptogram; identifying, in the mapping database, a specific mapping record, wherein the specific mapping record includes the MCA included in the received transaction data; and transmitting, by a transmitting device, at least the RCA included in the specific mapping record and a validation result indicating a success or failure of the validation of the payment cryptogram.

[0009] A method for providing payment credentials for a financial transaction includes: receiving, by a receiving device, personalization data, wherein the personalization data includes at least an integrated circuit card (ICC) public key, an ICC private key, an ICC master key, and a master key identifier; storing, in a first location of a secure element of a mobile device, the received personalization data; receiving, by a receiving device, at least one post issuance script, wherein each of the at least one post issuance script is configured to store, in a second location of the secure element of the mobile device, mobile cloud account data, the mobile cloud account data including at least an issuer public key certificate, an ICC public key certificate, and a mobile cloud account number (MCA); storing, in a database not included in the secure element, the received at least one post issuance script; receiving, by an input device, an indication of an MCA included in a specific post issuance script of the received at least one post issuance script; and executing, by a processing device, the specific post issuance script, wherein the MCA is based on attributes of a real card account number (RCA).
[0010] A system for mapping a payment account to a mobile cloud account includes a mapping database, a generating device, a transmitting device, a receiving device, and a processing device. The generating device is configured to generate an integrated circuit card (ICC) RSA key pair including an ICC public key and an ICC private key, and to generate an ICC master key based on at least a master key identifier. The transmitting device is configured to transmit the ICC public key, the ICC private key, the ICC master key, and the master key identifier to a mobile device for storage in a secure element. The receiving device is configured to receive a real card account number (RCA) corresponding to a payment account. The processing device is configured to identify attributes of the RCA and identify a mobile cloud account number (MCA) based on the attributes of the RCA. The receiving device is further configured to receive an issuer private key and an issuer private key certificate. The generating device is further configured to generate an ICC public key certificate based on certification of the ICC public key by the issuer private key. The processing device is further configured to create a post issuance script configured to store mobile cloud account data in the secure element of the mobile device, wherein the mobile cloud account data includes at least the issuer public key certificate, the MCA, and the ICC public key certificate. The transmitting device is further configured to transmit the created post issuance script to the mobile device. The mapping database is configured to store a mapping record, wherein the mapping record includes at least the master key identifier, the MCA, and the RCA.
[0011] A system for processing a financial transaction includes a mapping database, a receiving device, a validation device, a processing device, and a transmitting device. The mapping database is configured to store a plurality of mapping records, wherein each mapping record includes at least a master key identifier, a mobile cloud account number (MCA), and a real card account number (RCA), and wherein the MCA is based on attributes of the RCA. The receiving device is configured to receive transaction data related to a financial transaction, wherein the transaction data includes at least an MCA and a payment cryptogram. The validation device is configured to validate the payment cryptogram. The processing device is configured to identify, in the mapping database, a specific mapping record, wherein the specific mapping record includes the MCA included in the received transaction data. The transmitting device is configured to transmit at least the RCA included in the specific mapping record and a validation result indicating a success or failure of the validation of the payment cryptogram.

[0012] A mobile device for providing payment credentials for a financial transaction includes an input device, a secure element, a database not included in the secure element, a receiving device, and a processing device. The receiving device is configured to receive personalization data, wherein the personalization data includes at least an integrated circuit card (ICC) public key, an ICC private key, an ICC master key, and a master key identifier. The processing device is configured to store, in a first location of the secure element of the mobile device, the received personalization data. The receiving device is further configured to receive at least one post issuance script, wherein each of the at least one post issuance script is configured to store, in a second location of the secure element of the mobile device, mobile cloud account data, the mobile cloud account data including at least an issuer public key certificate, an ICC public key certificate, and a mobile cloud account number (MCA). The processing device is further configured to store, in the database, the received at least one post issuance script. The input device is configured to receive an indication of an MCA included in a specific post issuance script of the received at least one post issuance script. The processing device is further configured to execute the specific post issuance script, wherein the MCA is based on attributes of a real card account number (RCA).
[0013] A non-transitory computer readable recording medium records program instructions stored therein that cause a processor of a mobile computing device to execute a method for providing payment credentials for a financial transaction, wherein the method includes: receiving, by a receiving device, personalization data, wherein the personalization data includes at least an integrated circuit card (ICC) public key, an ICC private key, an ICC master key, and a master key identifier; storing, in a first location of a secure element of a mobile device, the received personalization data; receiving, by a receiving device, at least one post issuance script, wherein each of the at least one post issuance script is configured to store, in a second location of the secure element of the mobile device, mobile cloud account data, the mobile cloud account data including at least an issuer public key certificate, an ICC public key certificate, and a mobile cloud account number (MCA); storing, in a database not included in the secure element, the received at least one post issuance script; receiving, by an input device, an indication of an MCA included in a specific post issuance script of the received at least one post issuance script; and executing, by a processing device, the specific post issuance script, wherein the MCA is based on attributes of a real card account number (RCA).
`
BRIEF DESCRIPTION OF THE DRAWING FIGURES

[0014] The scope of the present disclosure is best understood from the following detailed description of exemplary embodiments when read in conjunction with the accompanying drawings. Included in the drawings are the following figures:

[0015] FIG. 1 is a high level architecture illustrating a system for the mapping of mobile cloud accounts to payment accounts and processing of contactless payment transactions using a mobile cloud account in accordance with exemplary embodiments.

[0016] FIG. 2 is a block diagram illustrating data stored in the mobile device of FIG. 1 for the conducting of contactless payment transactions in accordance with exemplary embodiments.

[0017] FIG. 3 is a process flow illustrating a method for the over-the-air provisioning of a master key identifier to a mobile device in accordance with exemplary embodiments.

[0018] FIGS. 4A and 4B are a process flow illustrating a method for the provisioning of mobile cloud account data to a mobile device in accordance with exemplary embodiments.

[0019] FIG. 5 is a flow chart illustrating a high-level method for the processing of an authorization request for a contactless payment transaction funded via a mobile cloud account in accordance with exemplary embodiments.

[0020] FIG. 6 is a process flow illustrating a method for the processing of a contactless payment transaction funded via a mobile cloud account in accordance with exemplary embodiments.

[0021] FIG. 7 is a block diagram illustrating the provisioning of mobile cloud accounts to a mobile device in accordance with exemplary embodiments.

[0022] FIG. 8 is a block diagram illustrating the provisioning of mobile cloud account data to a secure element of a mobile device in accordance with exemplary embodiments.

[0023] FIG. 9 is a process flow illustrating a method for the mapping and cryptography of mobile cloud account data in accordance with exemplary embodiments.

[0024] FIG. 10 is a flow chart illustrating an exemplary method for the mapping of a payment account to a mobile cloud account in accordance with exemplary embodiments.

[0025] FIG. 11 is a flow chart illustrating an exemplary method for the processing of a financial transaction in accordance with exemplary embodiments.

[0026] FIG. 12 is a flow chart illustrating an exemplary method for providing payment credentials for a financial transaction in accordance with exemplary embodiments.

[0027] FIG. 13 is a block diagram illustrating a computer system architecture in accordance with exemplary embodiments.

[0028] Further areas of applicability of the present disclosure will become apparent from the detailed description provided hereinafter. It should be understood that the detailed description of exemplary embodiments is intended for illustration purposes only and is, therefore, not intended to necessarily limit the scope of the disclosure.
`
DETAILED DESCRIPTION

Definition of Terms

[0029] Payment Network—A system or network used for the transfer of money via the use of cash-substitutes. Payment networks may use a variety of different protocols and procedures in order to process the transfer of money for various types of transactions. Transactions that may be performed via a payment network may include product or service purchases, credit purchases, debit transactions, fund transfers, account withdrawals, etc. Payment networks may be configured to perform transactions via cash-substitutes, which may include payment cards, letters of credit, checks, financial accounts, etc. Examples of networks or systems configured to perform as payment networks include those operated by MasterCard®, VISA®, Discover®, American Express®, etc.

[0030] Payment Account—A financial account that may be used to fund a transaction, such as a checking account, savings account, credit account, virtual payment account, etc. A payment account may be associated with an entity, which may include a person, family, company, corporation, governmental entity, etc. In some instances, a payment account may be virtual, such as those accounts operated by PayPal®, etc.

[0031] Payment Card—A card or data associated with a payment account that may be provided to a merchant in order to fund a financial transaction via the associated payment account. Payment cards may include credit cards, debit cards, charge cards, stored-value cards, prepaid cards, fleet cards, virtual payment numbers, virtual card numbers, controlled payment numbers, etc. A payment card may be a physical card that may be provided to a merchant, or may be data representing the associated payment account (e.g., as stored in a communication device, such as a smart phone or computer). For example, in some instances, data including a payment account number may be considered a payment card for the processing of a transaction funded by the associated payment account. In some instances, a check may be considered a payment card where applicable. Payment cards may also include real card accounts having associated real card account numbers (RCAs) and mobile cloud accounts having associated mobile cloud account numbers (MCAs) as discussed in more detail herein.
`
System for Mapping and Processing Mobile Cloud Accounts

[0032] FIG. 1 is a high level diagram illustrating a system 100 for the mapping of mobile cloud accounts to payment accounts and the processing of financial transactions funded via mobile cloud accounts.

[0033] The system 100 may include a mobile device 102. The mobile device 102 may be any type of mobile computing device 102 suitable for performing the functions as disclosed herein as will be apparent to persons having skill in the relevant art, such as a cellular phone, smart phone, tablet computer, etc. The mobile device 102 may include a secure element. A secure element may be a tamper-resistant platform capable of securely storing data, such as a hardware chip. The secure element may store a master key identifier, which may be provisioned to the secure element at the time of the manufacture of the mobile device 102, or via an over-the-air (OTA) provisioning method, such as discussed in more detail below.

[0034] The mobile device 102 may also include data related to one or more mobile cloud accounts. A mobile cloud account may include a mobile cloud account number (MCA), which may be associated with a real card account number (RCA). The RCA may correspond to a payment account issued to the user by an issuer 112. The MCA may be mapped to the RCA such that the user may conduct a financial transaction using the MCA for funding of the financial transaction, and the funds may be supplied by the payment account corresponding to the RCA. As a result, the user may be able to conduct a payment transaction using the mobile device 102 without storing the RCA, thereby reducing the potential for fraud.
`
[0035] The user may indicate, using the mobile device 102, one of the MCAs to be used to fund a financial transaction while at a merchant. The mobile device 102 may execute a post issuance script, discussed in more detail below, configured to transmit mobile cloud account data into the secure element of the mobile device 102. The mobile device may then transmit payment credentials for the indicated mobile cloud account to a contactless point-of-sale terminal 104 via near field transaction. Methods and systems for the transmission of payment credentials via near field transaction will be apparent to persons having skill in the relevant art.

[0036] The contactless terminal 104 may transmit the payment credentials and other transaction information to an acquirer 106, such as an acquiring bank, operating as or on behalf of the merchant, who may then submit an authorization request for the financial transaction with the MCA included for funding of the transaction. The submission of authorization requests for a financial transaction will be apparent to persons having skill in the relevant art. The authorization request may be submitted to, and received by, a payment network 108.

[0037] The payment network 108 may identify the MCA included in the authorization request and may, based on attributes of the MCA, such as an issuer identification number (IIN) or bank identification number (BIN), route the authorization request to a mobile cloud service provider 110. The service provider 110 may include a mapping database 116 configured to store a plurality of mapping records, each of which may include at least a master key identifier, an MCA, and the corresponding RCA. The service provider 110 may identify the MCA included in the authorization request and then may identify the corresponding mapping record included in the mapping database 116. The service provider 110 may then transmit the corresponding RCA back to the payment network 108. It will be apparent to persons having skill in the relevant art that the service provider 110 may be any service, server, manager, system, etc. configured to perform the functions as disclosed herein. In some embodiments the service provider 110 may be included as part of the payment network 108 or may be operated by or on behalf of the issuer 112.
`
`
[0038] The payment network 108 may receive the RCA corresponding to the MCA supplied by the mobile device 102, and may forward the authorization request including the RCA to the issuer 112 for authorization. The issuer 112 may then authorize the financial transaction for funding by the payment account corresponding to the RCA and submit an authorization response to the payment network 108. The payment network 108 may then replace the RCA included in the authorization response with the MCA, and forward the authorization response to the acquirer 106, which may forward the response to the merchant for finalization of the transaction.

[0039] Following the finalization of the financial transaction, the acquirer 106 may post the financial transaction for clearing with a clearing service 114. In an exemplary embodiment, the clearing service 114 may transmit the posted transaction to the service provider 110. The service provider 110 may identify the RCA corresponding to the MCA included in the posted transaction using the mapping database 116, and may return the identified RCA to the clearing service 114. The clearing service 114 may then clear the transaction using the RCA with the issuer 112 using systems and methods apparent to persons having skill in the relevant art.
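The authorization and clearing lookups described in paragraphs [0037] to [0039], sketched as an added Python example that is not part of the patent text. The truncated HMAC standing in for the payment cryptogram, the key lookup by master key identifier, the stub issuer's decline rule, the BIN range, and all account numbers, keys and function names are assumptions constructed for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Dict, Iterable, Optional, Tuple

# All values below are constructed for this example (not real accounts or keys).
MCA_BIN = "999900"                 # assumed BIN range the network routes to the provider
DEMO_MCA = "9999000000001234"
DEMO_RCA = "5555000000001234"
DEMO_KEY_ID = "MKI-0001"
DEMO_KEY = b"constructed-demo-master-key"


@dataclass(frozen=True)
class MappingRecord:
    """One mapping database row: master key identifier, MCA and RCA."""
    master_key_id: str
    mca: str
    rca: str


def payment_cryptogram(key: bytes, mca: str, amount_cents: int, counter: int) -> bytes:
    """Stand-in cryptogram (assumption): truncated HMAC-SHA256 over the transaction."""
    message = f"{mca}|{amount_cents}|{counter}".encode()
    return hmac.new(key, message, hashlib.sha256).digest()[:8]


class ServiceProvider:
    """Mobile cloud service provider: mapping database plus cryptogram validation."""

    def __init__(self, records: Iterable[MappingRecord], keys: Dict[str, bytes]):
        self._by_mca = {record.mca: record for record in records}
        self._keys = keys  # master key identifier -> key (assumed lookup scheme)

    def resolve(self, request: dict) -> Tuple[Optional[str], bool]:
        """Return (RCA, validation result); RCA is None when no record matches."""
        record = self._by_mca.get(request["account"])
        if record is None:
            return None, False
        expected = payment_cryptogram(self._keys[record.master_key_id], record.mca,
                                      request["amount_cents"], request["counter"])
        # Constant-time comparison avoids leaking how many bytes matched.
        return record.rca, hmac.compare_digest(expected, request["cryptogram"])

    def rca_for_clearing(self, mca: str) -> Optional[str]:
        """Clearing-time lookup: the posted transaction carries the MCA only."""
        record = self._by_mca.get(mca)
        return record.rca if record else None


def issuer_authorize(request: dict) -> dict:
    """Stub issuer: sees only the RCA; declining on failed validation is assumed."""
    return {"account": request["account"], "approved": request["cryptogram_valid"]}


def network_authorize(provider: ServiceProvider, request: dict) -> dict:
    """Payment network: route on BIN, swap MCA for RCA, swap back in the response."""
    mca = request["account"]
    if not mca.startswith(MCA_BIN):
        raise ValueError("account number is outside the MCA BIN range")
    rca, valid = provider.resolve(request)
    if rca is None:
        # An unmapped MCA is declined without any issuer being contacted.
        return {"account": mca, "approved": False}
    issuer_response = issuer_authorize(
        {"account": rca, "amount_cents": request["amount_cents"],
         "cryptogram_valid": valid})
    # The acquirer-facing response carries the MCA again, never the RCA.
    return {**issuer_response, "account": mca}


def device_request(amount_cents: int, counter: int) -> dict:
    """Authorization request as the acquirer would submit it for the mobile device."""
    return {"account": DEMO_MCA, "amount_cents": amount_cents, "counter": counter,
            "cryptogram": payment_cryptogram(DEMO_KEY, DEMO_MCA, amount_cents, counter)}


PROVIDER = ServiceProvider([MappingRecord(DEMO_KEY_ID, DEMO_MCA, DEMO_RCA)],
                           {DEMO_KEY_ID: DEMO_KEY})

if __name__ == "__main__":
    genuine = device_request(1500, counter=7)
    print(network_authorize(PROVIDER, genuine))                              # approved
    print(network_authorize(PROVIDER, dict(genuine, amount_cents=150000)))   # declined
    print(PROVIDER.rca_for_clearing(DEMO_MCA))                               # RCA for clearing
```

The acquirer-facing request and response hold only the MCA; the RCA appears solely between the service provider, the payment network, the issuer and the clearing service, which is the property the mapping is meant to provide.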
`[0040] The use of the MCA may enable the user of the
`mobil